From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1A695C43387 for ; Thu, 10 Jan 2019 17:05:09 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id DE8BC214C6 for ; Thu, 10 Jan 2019 17:05:08 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="YaPacYri" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729169AbfAJRFH (ORCPT ); Thu, 10 Jan 2019 12:05:07 -0500 Received: from mail-wm1-f65.google.com ([209.85.128.65]:54630 "EHLO mail-wm1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728959AbfAJRFH (ORCPT ); Thu, 10 Jan 2019 12:05:07 -0500 Received: by mail-wm1-f65.google.com with SMTP id a62so11993875wmh.4; Thu, 10 Jan 2019 09:05:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=4+WqDnnUGCh2XoATSBHBrwcD1kmWLsijyoT1kfDpuvA=; b=YaPacYrimV3VpNkbmvb6qiF+IIt2r4+OdORkrQcM4Eyc6lzHtFT+pwplCAaPmHX6wu XiwTthuf5hAncGY+WGcQ32KX6jJmaP+mjd2faMXXd93BY6Qdyb9ZjyvnKdWALHyUJ4bw J44GkLn9JdFg2LtMhJSf7OqrNS+GUImzg41Z+bTQKonycSxjSHLJTcHBZiivfGZ/qKcz O714fVL1xWE4b9hlPouRTPsE0smNsHQR/xla/nOECNYWsmrB+I4jpNa8Nw/xLgCbsCes aX1pfCInmO+0BTafLZMqOoZa3Ysi4i9Rr8C1/4m0bMlbYWo/MriD33xZbstMEF9a7VEs bP5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=4+WqDnnUGCh2XoATSBHBrwcD1kmWLsijyoT1kfDpuvA=; b=RssKDBgv/sN861I/uGyr4Rc+7MMCqDlaRfWVCdR2N2CmxnzZrflSQkn697VOmxdIKt rqKKhVexQddw+2pzcSPtG1Zn6FFjdyk4I9rASYzgfcAsKu6eItUNC8DLezwzKnl9WBC0 gLdioAsekuUXFpDUPe/WJGaBPSl7IWTKlZH8P03wFOHjG7Jkz5QBXEE7vhN4fRaM/qWY xosT68H+OI/ZWCInd1Y/CxlPvrexooSI8/diXptuwiB5YgC3+7nPaxVu8fq6q3akRWhX JVH5suFaEQMuRWqKOYVRDNmNxMj8AED5/w0i9nTUsi+MJXBWRWPlM7DKFdpYZIUyW6d5 FP3Q== X-Gm-Message-State: AJcUukeSO5P+jbimdXDBoybynx4PhqpPCHUgrLHdFFYjsQADABy0yZew lfEXtSoBxbWnabVDhHLwMc4= X-Google-Smtp-Source: ALg8bN4xblcr9vCrwp8jrkcik9aw3WAHgMWwqpC/YiA48QnLkN9gDAgsg7tCn6QJAcVUx0VgqgOoqw== X-Received: by 2002:a1c:e488:: with SMTP id b130mr10852885wmh.124.1547139904064; Thu, 10 Jan 2019 09:05:04 -0800 (PST) Received: from amir-VirtualBox.ctera.local ([188.120.129.201]) by smtp.gmail.com with ESMTPSA id m4sm5725868wmi.3.2019.01.10.09.05.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 10 Jan 2019 09:05:03 -0800 (PST) From: Amir Goldstein To: Jan Kara Cc: Matthew Bobrowski , linux-fsdevel@vger.kernel.org, linux-api@vger.kernel.org Subject: [PATCH v5 09/17] fanotify: enable FAN_REPORT_FID init flag Date: Thu, 10 Jan 2019 19:04:36 +0200 Message-Id: <20190110170444.30616-10-amir73il@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190110170444.30616-1-amir73il@gmail.com> References: <20190110170444.30616-1-amir73il@gmail.com> Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org When setting up an fanotify listener, user may request to get fid information in event instead of an open file descriptor. The fid obtained with event on a watched object contains the file handle returned by name_to_handle_at(2) and fsid returned by statfs(2). Restrict FAN_REPORT_FID to class FAN_CLASS_NOTIF, because we have have no good reason to support reporting fid on permission events. When setting a mark, we need to make sure that the filesystem supports encoding file handles with name_to_handle_at(2) and that statfs(2) encodes a non-zero fsid. Cc: Signed-off-by: Amir Goldstein --- fs/notify/fanotify/fanotify_user.c | 61 +++++++++++++++++++++++++++++- include/linux/fanotify.h | 2 +- 2 files changed, 61 insertions(+), 2 deletions(-) diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c index bd42e681a052..211ec6332d31 100644 --- a/fs/notify/fanotify/fanotify_user.c +++ b/fs/notify/fanotify/fanotify_user.c @@ -17,6 +17,8 @@ #include #include #include +#include +#include #include @@ -768,6 +770,10 @@ SYSCALL_DEFINE2(fanotify_init, unsigned int, flags, unsigned int, event_f_flags) return -EINVAL; } + if ((flags & FAN_REPORT_FID) && + (flags & FANOTIFY_CLASS_BITS) != FAN_CLASS_NOTIF) + return -EINVAL; + user = get_current_user(); if (atomic_read(&user->fanotify_listeners) > FANOTIFY_DEFAULT_MAX_LISTENERS) { free_uid(user); @@ -854,6 +860,52 @@ SYSCALL_DEFINE2(fanotify_init, unsigned int, flags, unsigned int, event_f_flags) return fd; } +/* Check if filesystem can encode a unique fid */ +static int fanotify_test_fid(struct path *path) +{ + struct kstatfs stat, root_stat; + struct path root = { + .mnt = path->mnt, + .dentry = path->dentry->d_sb->s_root, + }; + int err; + + /* + * Make sure path is not in filesystem with zero fsid (e.g. tmpfs). + */ + err = vfs_statfs(path, &stat); + if (err) + return err; + + if (!stat.f_fsid.val[0] && !stat.f_fsid.val[1]) + return -ENODEV; + + /* + * Make sure path is not inside a filesystem subvolume (e.g. btrfs) + * which uses a different fsid than sb root. + */ + err = vfs_statfs(&root, &root_stat); + if (err) + return err; + + if (root_stat.f_fsid.val[0] != stat.f_fsid.val[0] || + root_stat.f_fsid.val[1] != stat.f_fsid.val[1]) + return -EXDEV; + + /* + * We need to make sure that the file system supports at least + * encoding a file handle so user can use name_to_handle_at() to + * compare fid returned with event to the file handle of watched + * objects. However, name_to_handle_at() requires that the + * filesystem also supports decoding file handles. + */ + if (!path->dentry->d_sb->s_export_op || + !path->dentry->d_sb->s_export_op->fh_to_dentry) + return -EOPNOTSUPP; + + return 0; +} + static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask, int dfd, const char __user *pathname) { @@ -939,6 +991,12 @@ static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask, if (ret) goto fput_and_out; + if (FAN_GROUP_FLAG(group, FAN_REPORT_FID)) { + ret = fanotify_test_fid(&path); + if (ret) + goto path_put_and_out; + } + /* inode held in place by reference to path; group by fget on fd */ if (mark_type == FAN_MARK_INODE) inode = path.dentry->d_inode; @@ -967,6 +1025,7 @@ static int do_fanotify_mark(int fanotify_fd, unsigned int flags, __u64 mask, ret = -EINVAL; } +path_put_and_out: path_put(&path); fput_and_out: fdput(f); @@ -1003,7 +1062,7 @@ COMPAT_SYSCALL_DEFINE6(fanotify_mark, */ static int __init fanotify_user_setup(void) { - BUILD_BUG_ON(HWEIGHT32(FANOTIFY_INIT_FLAGS) != 7); + BUILD_BUG_ON(HWEIGHT32(FANOTIFY_INIT_FLAGS) != 8); BUILD_BUG_ON(HWEIGHT32(FANOTIFY_MARK_FLAGS) != 9); fanotify_mark_cache = KMEM_CACHE(fsnotify_mark, diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h index 9e2142795335..f59be967f72b 100644 --- a/include/linux/fanotify.h +++ b/include/linux/fanotify.h @@ -19,7 +19,7 @@ FAN_CLASS_PRE_CONTENT) #define FANOTIFY_INIT_FLAGS (FANOTIFY_CLASS_BITS | \ - FAN_REPORT_TID | \ + FAN_REPORT_TID | FAN_REPORT_FID | \ FAN_CLOEXEC | FAN_NONBLOCK | \ FAN_UNLIMITED_QUEUE | FAN_UNLIMITED_MARKS) -- 2.17.1